Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-201203-10
HistoryMar 06, 2012 - 12:00 a.m.

libmikmod: User-assisted execution of arbitrary code

2012-03-0600:00:00
Gentoo Foundation
security.gentoo.org
16

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.219

Percentile

96.5%

JSON

Background

libmikmod is a library to play a wide range of module formats.

Description

Multiple boundary errors have been found in load_it.c in libmikmod, which may cause a buffer overflow.

Impact

A remote attacker could entice a user to open specially crafted files in an application linked against libmikmod, possibly resulting in execution of arbitrary code with the permissions of the user running the application, or Denial of Service.

Workaround

There is no known workaround at this time.

Resolution

All libmikmod 3.2 users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose
 ">=media-libs/libmikmod-3.2.0_beta2-r3"

All libmikmod 3.1 users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-libs/libmikmod-3.1.12-r1"

Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages.

OSVersionArchitecturePackageVersionFilename
Gentooanyallmedia-libs/libmikmod< 3.2.0_beta2-r3UNKNOWN

Related

openvas 8
nessus 8
ubuntucve 2
nvd 2
osv 2
cvelist 2
prion 2
debiancve 2
cve 2
veracode 1
ubuntu 1
securityvulns 2
debian 1
openvas
openvas
Gentoo Security Advisory GLSA 201203-10 (libmikmod)
2012-03-12 00:00:00
Gentoo Security Advisory GLSA 201203-10 (libmikmod)
2012-03-12 00:00:00
Debian: Security Advisory (DSA-2081-1)
2010-08-21 00:00:00
nessus
nessus
GLSA-201203-10 : libmikmod: User-assisted execution of arbitrary code
2012-03-06 00:00:00
Debian DSA-2081-1 : libmikmod - buffer overflow
2010-08-03 00:00:00
Mandriva Linux Security Advisory : libmikmod (MDVSA-2010:151)
2010-08-17 00:00:00
ubuntucve
ubuntucve
CVE-2010-2971
2010-08-05 00:00:00
CVE-2010-2546
2010-08-05 00:00:00
nvd
nvd
CVE-2010-2971
2010-08-05 13:22:29
CVE-2010-2546
2010-08-05 13:22:29
osv
osv
libmikmod - arbitrary code execution
2010-08-01 00:00:00
timidity-2.15.0-2.2 on GA media
2024-06-15 00:00:00
cvelist
cvelist
CVE-2010-2971
2010-08-04 21:00:00
CVE-2010-2546
2010-08-04 21:00:00
prion
prion
Design/Logic Flaw
2010-08-05 13:22:00
Heap overflow
2010-08-05 13:22:00
debiancve
debiancve
CVE-2010-2971
2010-08-05 13:22:29
CVE-2010-2546
2010-08-05 13:22:29
cve
cve
CVE-2010-2971
2010-08-05 13:22:29
CVE-2010-2546
2010-08-05 13:22:29
veracode
veracode
Buffer Overflow
2023-12-28 10:50:52
ubuntu
ubuntu
libMikMod vulnerabilities
2010-09-29 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 2081-1] New libmikmod packages fix arbitrary code execution
2010-08-14 00:00:00
libmikmod multiple buffer overflows
2010-08-14 00:00:00
debian
debian
[SECURITY] [DSA 2081-1] New libmikmod packages fix arbitrary code execution
2010-08-01 19:11:02

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.219

Percentile

96.5%

JSON
Related for GLSA-201203-10
openvas8nessus8ubuntucve2nvd2osv2cvelist2prion2debiancve2cve2veracode1ubuntu1securityvulns2debian1